688
edits
Changes
From SME Server
Jump to navigationJump to search→Agent Configuration
Line 28:
Line 28:
/etc/init.d/wazuh-agent start
/etc/init.d/wazuh-agent start
+===SME Customizations===
+I added these instructions to /var/ossec/etc/ossec.conf:
+ <nowiki> <localfile>
+ <log_format>djb-multilog</log_format>
+ <location>/var/log/dovecot/current</location>
+ </localfile>
+ <localfile>
+ <log_format>djb-multilog</log_format>
+ <location>/var/log/tinydns/current</location>
+ </localfile>
+ <localfile>
+ <log_format>djb-multilog</log_format>
+ <location>/var/log/dnscache/current</location>
+ </localfile>
+
+ <localfile>
+ <log_format>command</log_format>
+ <command>grep -h logterse /var/log/*qpsmtpd/current</command>
+ <alias>s/qpsmtpd</alias>
+ <frequency>360</frequency>
+ </localfile>
+</nowiki>
+
+And this instruction to /var/ossec/etc/local_internal_options.conf:
+ <nowiki># from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html
+# 'it may not be permissible in all environments to allow the Wazuh manager to run
+# arbitrary commands on agents in their root security context.'
+logcollector.remote_commands=1
+</nowiki>
+
+And restarted the agent using
+ /etc/init.d/wazuh-agent restart
=Older=
=Older=
